Identity provider - Active Directory Federation Services

Windows server configuration

OpenID Connect requires AD FS 4.0 (Windows Server 2016 or later).

The server needs the Active Directory Federation Services role installed and configured. For the official Microsoft guide, refer to Install the AD FS Role Service.

 

Step 1 - Connect to the server with the AD FS role and open AD FS Management

Step 2 - Navigate to Application Groups / Add application group

Step 3 - Select the Server application accessing a web API template and name the application group (optional)


Step 4 - Click Next, note the Client Identifier and add the redirect URI in the format: https://hostname-of-server/verba/ssoAdal

 

Step 5 - Select the Generate shared secret option, note the secret

Step 6 - Add the redirect URI in the format: https://hostname-of-server/verba/

 

 

Step 7 - Configure MFA if required. For the official Microsoft guide, refer to Configure Additional Authentication Methods for AD FS

Step 8 - Add the openid permission for the server application

Verba configuration

Fill in the required fields based on the descriptions below:

Name - Description
Client ID - The ADFS identifier noted in step 4
Client Secret - The ADFS secret noted in step 5
Authority - The server with the ADFS role in https://adfs-server/adfs format
Certificate - CA or server certificate in Base-64 encoded X.509
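
A pre-flight check of these values, added here as an example (it is not Verba or Microsoft code): it checks the Authority and redirect URI formats given above and confirms that the certificate field holds Base-64 encoded DER rather than, for example, a pasted private key. The names check_settings, der_is_one_sequence and SAMPLE_CERT are hypothetical, and the certificate check is structural only; it does not verify the chain or the signature.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)
# Constructed sample: a 5-byte DER SEQUENCE standing in for a real certificate.
SAMPLE_CERT = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()

def der_is_one_sequence(der):
    """True if the bytes are exactly one DER SEQUENCE, the outer shape of X.509."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_settings(client_id, client_secret, authority, certificate, redirect_uris):
    """Return a list of problems; an empty list means the values look consistent."""
    problems = []
    if not client_id.strip() or not client_secret.strip():
        problems.append("Client ID and Client Secret must both be set")
    auth = urlsplit(authority)
    if auth.scheme != "https" or not auth.hostname:
        problems.append("Authority must be an https:// URL with a host name")
    if auth.path.rstrip("/") != "/adfs" or auth.query or auth.fragment:
        problems.append("Authority must end in /adfs")
    for uri in redirect_uris:
        u = urlsplit(uri)
        if u.scheme != "https" or not u.hostname or not u.path.startswith("/verba/"):
            problems.append("Redirect URI not in https://host/verba/ form: " + uri)
    m = PEM_RE.search(certificate)
    body = m.group(1) if m else certificate   # bare Base-64 without PEM armor
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error:
        der = b""
    if not der_is_one_sequence(der):
        problems.append("Certificate is not Base-64 encoded DER")
    return problems

if __name__ == "__main__":
    print(check_settings("id", "secret", "https://adfs-server/adfs", SAMPLE_CERT,
                         ["https://hostname-of-server/verba/ssoAdal"]))
```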